Actively Exploited Zero-Day Flaw in Chrome Browser Patch Now
Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component
Read More...
Nighthawk Likely to Become Hackers’ New Post-Exploitation Tool After Cobalt Strike
A nascent and legitimate penetration testing framework known as Nighthawk will likely gain threat actors' attention for its Cobalt Strike-like capabilities
Read More...
Malware Installs Malicious Browser Extensions to Steal Users’ Passwords and Cryptos
The distribution vector used to propagate ViperSoftX is typically achieved through cracked software for Adobe Illustrator and Microsoft Office that are hosted on file-sharing sites
Read More...
Google releases 165 YARA rules to detect Cobalt Strike attacks
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks
Read More...
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta
Read More...
Phishing kit impersonates well-known brands to target US shoppers
A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween
Read More...
Google Search results poisoned with torrent sites via Data Studio
Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content
Read More...
Atlassian fixes critical command injection bug in Bitbucket Server
Both security vulnerabilities received a severity rating of 9 out of 10 (calculated by Atlassian) and affect multiple versions of the products
Read More...
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
The purpose of the PNG files is to conceal a payload that's used to facilitate information theft
Read More...
Cookies for MFA Bypass Gain Traction Among Cyberattackers
Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication
Read More...